package com.hd.shiro2204.order.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

import java.util.HashMap;

@Controller
@RequestMapping("/order")
public class OrderController {
    @GetMapping("/m")
    public HashMap<String,Object> manage(){
        HashMap<String, Object> map = new HashMap<>();

        Subject subject = SecurityUtils.getSubject();

        boolean hasRole = subject.hasRole("admin");

        if (hasRole){
            map.put("code",1);
            map.put("msg","ok");
        }else {
            map.put("code",-1);
            map.put("msg","error");
        }

        return map;
    }
    @RequestMapping("/manage")
    public String manage1(){
        System.out.println("进入方法");

        //基于角色
        //获取主体对象
        Subject subject = SecurityUtils.getSubject();
        //代码方式
        if (subject.hasRole("admin")) {
            System.out.println("保存订单!");
            return "redirect:/order.html";
        }else{
            System.out.println("无权访问!");
            return "redirect:/error.html";
        }

    }
    @RequiresRoles(value={"admin","user"})//用来判断角色  同时具有 admin user
    @RequiresPermissions("order:save:*") //用来判断权限字符串
    @RequestMapping("save")
    public String save(){
        System.out.println("进入方法");
        return "redirect:/order.html";
    }

}